AWS Test Drive Walkthrough


Here are some helpful YouTube videos of ARAP demos:

1. Cavirin ARAP - Initial Login - YouTube

https://www.youtube.com/watch?v=QwWlyhpXS0g

2. Cavirin ARAP: AWS Test Drive - YouTube

https://www.youtube.com/watch?v=bGzigbM4Lfk

3. Cavirin ARAP - Add AWS cloud account - YouTube

https://www.youtube.com/watch?v=_ykfVrBvwu0

4. Cavirin ARAP - Adding credentials - YouTube

https://www.youtube.com/watch?v=0SPEYsdzKvE

5. Cavirin ARAP - Adding an IP Range - YouTube

https://www.youtube.com/watch?v=WPbnCMmS7Qs

6. ARAP 8 1 Demo - YouTube

https://www.youtube.com/watch?v=cBPN3cZps3I

 

Home page

 

The home page is broken out into different areas to give you an overall view of the state of your environment.

Results by weight

This is a pie chart of the results of all the policies that have been tested against all your devices. All policies are weighted from 1 to 5:

  • 1,2 = info
  • 3,4 = watch
  • 5 = alert

 

Devices by type

This is a pie chart showing you the spread of all the active OSes that ARAP has connected to.

 

Heatmap

The heatmap is laid out based on NIST Control Areas. All guidelines that are part of ARAP have been mapped to a NIST Control Area, even for PCI, HIPAA, etc. This makes it easy to see where you have the most alerts.

Click onto a specific section – alerts

This narrows the focus of the different control areas
Click on Baseline configuration

This allows you to see all the devices and their results for this particular Control Area.

Pick an issue and click the gear  to run a report of devices for this specific policy


This will show the devices with the policy result

Click on Guidelines tab

This shows the Guidelines that have been targeted to devices
Slide the bar to browse through the guidelines

Click on a guideline to center it and then click on it again to bring focus to it
This shows you

  1. The average score of all devices for this guideline
  2. The number of devices
  3. The score history over time – should show improvement over time

Click on Generate Report and this will generate a report for this guideline

The report will show you

  1. Executive summary
  2. Overall Compliance Trend
  3. Areas of Concern
    1. Issues by Guideline section
    2. Policy results

Close the report window.

 

 

Connecting to Cloud Infrastructures

Click on Infrastructure > Clouds

Click on Demo AWS Account

This page shows you:

  • Summary Configuration
  • All of your running instances with relevant information
  • Your VPCs
  • Images
  • Load Balancers
  • Key Pairs
  • Network Interfaces
  • Volumes
  • Snapshots
  • Security Groups
  • Auto Scaling Groups
  • Placement Groups
  • Users
  • Groups


You can click the  button to manually scan your environment at any time – not now though as it won't work.

You can also schedule a scan on the previous screen

Click on the Compliance Tab

This is where you can see the Guideline that pertains to this cloud environment.
Click on the Fail Result

This displays all the policies that are part of this guideline with the results.
Click on the “>” within the first line and keep toggling until you get to a result. Once you get to a result, you can click on it to see more information about the policy and the results. You may click on More Info if available.

Close this window

 

Viewing your devices

Click on Infrastructure > Devices

This is a list of the devices that have been scanned.

On the top right you can see a tally of:

  • Total devices: all your devices that have been found
  • Active devices: devices that ARAP has successfully logged into
  • Inaccessible devices: devices that ARAP has not been able to log into

You can create a report by clicking on the  button
The report is a CSV representation of this screen for all your devices
You can create a Historical Score report by clicking on the 
This report will list out your devices with the historical results

Click on a device’s hostname to see more information


This screen shows you the demographic information for this device

Click on the Targeting tab


This shows you the Guidelines that are being targeted for this device

Click on the Compliance tab


This shows you the results of the Guidelines that are targeted for this device

Click on the score for this device


This displays all the policies that are part of this guideline with the results.
Here you can click on the actions gear  and be able to suppress a policy that you know will always fail on the scans because of a compensating control.


You can suppress this policy for just this device or for all devices

Click Cancel to go back

Click on the Compliance tab again
Click on the  button

This report is a CSV representation of all of the policies that have been run against this device. It shows the Pass/Fail result of each policy along with the fix suggestions (if available) for resolving a failure. This report also maps each policy back to the Control ID of the compliance standard.

 

Tagging your systems for easier management

Click on Infrastructure > Tags

Tags allow you to “tag” devices to apply guidelines to a group of devices that contain the same tags. This screen also shows you the average score amongst the devices that are members of the tags. Tags can be either Static or Query Based.

  • Static tag – You manually tag devices
  • Query-based tag – You can set up specific criteria to automatically tag devices

Click on the tag’s name


This shows you a list of the devices that are tagged by this tag

You can create a report of all the devices within this tag by clicking on the  button.


This report is identical to the device report except each device within this tag group gets its own tab within the spreadsheet

You can create a historical score report by clicking on the  button.


This report is identical to the device historical score report except it lists out each device on its own line.

Click on the  button

This allows you to modify the filters to automatically tag devices.
Click Cancel
Click on the “Targeting” tab


This screen is identical to the device Targeting screen.

You can target specific Guidelines for the devices that are members of this tag group. Any Guidelines you target on this screen will propagate down to all member devices, and the guidelines will be applied and scanned on future scheduled/manual scans.

Click on the “Compliance” tab


This screen is identical to the device Compliance tab except it shows the average score of all devices.

 

 

Scanning your network for devices

Click on Discovery > IP Ranges

This is where you would configure any IP ranges you would like to sweep for devices.
Choose a range and then click on the gear  on the right

Choose “Edit range”


Input the start and the end of the IP address range along with a label for this range. The Connectivity section allows you to configure a Distributed Scan Engine to be able to reach a specific network segment. Please talk with your Sales team if you’re interested to learn more about this feature.

Click the  button

This screen is also where we can schedule scans of your IP ranges. A benefit of ARAP is that you can schedule scans for each IP range independently.

Choose a range and then click on the gear  on the right of the line
Choose “Schedule”


This is where you can choose what to scan on your schedule. Devices Attributes is the main scan that gets scheduled and each option comes along for the ride. You can schedule a scan every 15 minutes, every day or every week.

  • Deep Discovery scan interrogates the device and pulls back demographic information.
  • Configuration Files are polled for integrity monitoring.
  • Policies are the guidelines; these can be scheduled to run on alternate scans if you don’t require constant updates of the guideline scores.

Click the  button.
Click on Discovery > Credentials


This is where you store the credentials used to log into the devices to perform the scans. There are two different types of credentials:

  • Global – These will be attempted on all devices that match the type
  • Restricted – These will be available to be assigned to specific devices

Click on the  button

Click on the drop down menu for the Type
This is to choose the correct device type such as Linux, Windows, VMware, AWS or other networking devices
Choose “Windows Administrator”

Here you input the domain/username and a password the ARAP server will use to attempt to log into the device.
Pick other types from the drop down menu and take a look at the different device types you can log into.
When you are done looking click the  button.

 

 

Reporting

- Ad-hoc reports

Click on Reports > Ad-Hoc reports

This section provides a central place to be able to run reports on an ad-hoc basis in addition to the other places that have been pointed out. The different report options here are:

Active Devices – This report will generate a list of all your active devices and the compliance results for each.

Inaccessible Devices – This will list out all the devices that are inaccessible by ARAP along with the guess of what the OS is.

Active Devices with specific tags – This report is created using specific tags that are chosen

Guidelines reports – These reports show you an overall view of the compliance of the guideline chosen.

- Scheduling Reports

ARAP allows you to schedule Tag reports and Guideline reports

To schedule a new report click on the  button.

Choose Type > Tag Report

Choose which tag you would like to schedule a report for

Click the  button, then click the actions gear  to schedule this report
Click on Schedule

Here you can enable the schedule as well as choose how often to run the report.

 

- Historical reports

Clicking on Reports > Historical allows you to "pick up" scheduled reports after they have been generated. You can download the report by clicking on the  icon.

 

There are plenty of other things you can check out within ARAP. Please take your time and get a feel for the ARAP server interface. This Test Drive will be active for 2 hours. All features are available during that time.
